(54) Distributed network based electronic wallet

(57) A system, in which information is the primary asset and in which investments may be made in information, includes multiple data stores for storing different types of a user's information. The safe, secure and properly authorized transfer of information while preserving individual privacy is provided. The system also provides for secure backup and storage, as well as for ubiquitous and nomadic access to information while maintaining the privacy of such information. A first data store includes static identification data about a user. A second data store includes moderately dynamic personal data about the user. A third data store includes dynamic demographic information data about the user. An electronic wallet can be used with the system to download selected portions of the data for use by the user. A method of use of the data includes using the data for filling out forms, providing services to the user and allowing merchants to selectively target users for sales while maintaining user anonymity.

Description

CROSS REFERENCE TO RELATED APPLICATIONS

[0001] This application is related to Provisional Patent Application No. 60/065,291 entitled "Distributed Network Based Electronic Wallet," filed on November 12, 1997, to which priority is claimed.

FIELD OF INVENTION

[0002] This invention relates to information storage and retrieval systems, and more particularly, to an electronic system for storage and authorized distribution of personal information.

BACKGROUND OF INVENTION

[0003] In today's information-based economy, information is recognized by many corporations as a primary asset which, much like currency, fully realizes its value only with frequent use. Information is an important asset not only for corporations, but also for individuals who often need to repetitively provide certain personal facts to merchants and service providers with whom they do business.

[0004] Collections of personal information, in the form of demographics, are invaluable to companies wishing to conduct targeted marketing campaigns. Examples of information collections include insurance policies, legal documents, medical records, and financial and credit histories. This information represents a valuable commodity which many corporations are willing to purchase.

[0005] In fact, many companies are known to massage their consumer accounts to create mailing lists which can be sold. Likewise, most consumers know this happens, and are not surprised to receive a barrage of catalogs from previously unknown vendors after placing a mail order for goods. Many consumers are annoyed by this practice and some may even avoid the offending vendor in the future in order to prevent further abuse of their personal information. However, most of these consumer concerns could be eliminated, or at least reduced, if this data were first scrubbed or sanitized to remove all references to the particular individual before being made available as marketing data.

[0006] Privacy is a growing concern in the Internet and electronic commerce arena because each time you enter a site, your browser already tells the server a lot about you, such as which browser you're using and your IP address. This makes it easy for data miners to track site visits and strip information from unsecured data transmissions. In response, the Internet business community is promoting Open Profiling Standards (OPS) which allow individuals to save personal information on a hard drive on their PC and only allow others to access portions of this information after the individual grants permission.



[0007] There is also concern over the use of cookies, or tokens that are attached to a user program and change depending on the web site areas entered. When you enter a web site using cookies, you may be asked to fill out a form providing information such as your name and interests. This information is packaged into a cookie and sent to your web browser which stores it for later use. The next time you go to the same web site, your browser will send the cookie to the web server. The server can use this information to present you with custom web pages. Cookies are typically designed to be persistent and remain in the browser for long periods of time, and can be used to unknowingly disclose the address of the site you most recently visited, or movements within a site.

[0008] Consumers also increasingly want to systematically organize and secure personal information but are generally limited in their ability to do so by the availability of commercial software programs. For example, certain financial planning and management software packages provide a facility for storage of personal information on the consumer's PC. This practice can be vexing if the PC subsequently experiences an anomalous operation or a system malfunction. There is then a need for a system which would allow personal information to be professionally backed-up, thus protecting against mishap, natural disaster, negligence, or even PC theft.

[0009] Consumers also want the ability to control and define access to their information, using presently available technology to securely and privately store, sort and/or exchange information. There is then a need for a third party who would provide these types of services with a primary aim of preserving its consumers' personal privacy.

SUMMARY OF THE INVENTION 

[0010] In one aspect the invention provides a system for the selective organization, access to and use of personal data. The system may include a server having data storage capability for storing different types of personal data in distinct data stores, i.e., an "information bank", such that the information may be efficiently used by the consumer and by institutions which the consumer has authorized to access the data. A first data store may include what is known as static identification data which is personal to a user such as a consumer and which is typically necessary for establishing a relationship between the consumer and an institution. Such a consumer will have a means to access the static identification data, such as a personal computer, network computer, smart telephone or other communication device through the Internet or other network connection or wireless connection. A second data store may include what is known as moderately dynamic personal data about a user or many users, again a consumer or consumers. This would typically include a large volume of data which may be difficult to manage and which is stored primarily for the convenience of the consumer. A third data store may include dynamic demographic information data about the users or consumers. This data may be mined from the data stores mentioned above, or may be the result of information provided by the consumer, for example, in response to surveys. Typically, this information is valuable to many research and marketing institutions which may directly or indirectly compensate the consumer for access to the information.

[0011] For purposes of the disclosure herein, the term "static identification data" is intended to mean a relatively small amount of data which is relatively static and which is typically necessary for establishing a relationship between the consumer and an institution. This type of data is stored for an indefinite period of time, typically at no cost to the customer. Examples of this type of data include name, address, phone number, social security number and other commonly asked for information on forms, applications, etc. This type of data can be used in services provided by an institution such as a bank as a free account to permit activities such as automated form filling, safe shopping and general electronic commerce. Such an account file can generally be referred to as a "courtesy account."

[0012] With respect to "moderately dynamic personal data", this is intended to mean a large amount of data, which is dynamic and which is stored over long periods of time. Such types of data include, for example, billing history, payment history, loans, real estate holdings, stock, bond, fund holdings, medical records, home web pages and the like. This type of data can be used in services provided by an institution such as a bank on a charge for service basis, and may be used in the account for bill presentment/payment relationship management, tax preparation, emergency information (medical records) focal point and the like. Such an account and file can generally be referred to as a "service account."

[0013] As to "dynamic demographic information data", it is characterized by being demographic data including user interests, user profiles and user agents. Examples include age, geographic location, race, religion, professional interests, hobby interests, frequent purchase categories, explicit requests for information, explicit requests for blocking categories of information. Customers who allow use and transmission of this data to others such as merchants could be paid a portion of receipts of selling that data received by an institution such as a bank. The data can be provided to market research organizations, electronic census providers, organizations which provide profile special offers and the like. Such an account and file can generally be referred to as a "value generation account."

[0014] More specifically, a consumer's financial institution, by the nature of the transactions in which it engages, already has in its possession large amounts of confidential and disclosure-sensitive information. As may be appreciated from the prior description, examples of this type of information include credit card purchases, income data, bank card transactions, loan application/servicing, etc. Thus, it is optimal for the financial institution to maintain principal possession, maintenance and storage of the types of information described previously for consumer authorized use and distribution, while simultaneously achieving, without the introduction of yet another party, the securing of the consumer's personal information in an "information bank."

[0015] In accordance with the invention, the consumer's information may be made available through the financial institution's computer network server, thereby allowing convenient "universal" access to the consumer's personal information, i.e., "static identification data". Thus, access to the consumer's information is only limited by access to standardized devices on computer networks, such as personal computers, i.e., PC's, network computers, PDAs, smart telephones and other communications devices which are connected to the financial institution through the Internet or other network connection. More importantly, the present invention eliminates the need for consumers to have direct access to the consumer's own PC, while at the same time providing required security and access authorization controls.

[0016] As noted previously, there is also a need to organize and utilize a much broader range of information, including personal information. This type of information further includes data that is commonly associated with an individual, i.e., the "moderately dynamic personal information", and can be accessed by specific types of organizations or entities such as doctors, tax preparers, etc. Essentially, this information is automatically transferred, upon consumer authorization, to another party in a format that can be used.

[0017] Finally, it is also desirable to organize demographic information, i.e., "dynamic demographic information data", from consumers into collections of data for evaluation and use by other institutions and individuals. Many of these institutions and individuals, which include merchants and others engaged in commerce and institutions engaged in research, are willing to pay for access to such information. However, due to privacy concerns it is desirable to make demographic information available without disclosing sensitive information about individual consumers, such as actual name, physical address, e-mail address, telephone number, etc. to an institution. Therefore an inquiring institution, for example a merchant, can come to the institution storing the consumer's data, such as a consumer's financial institution, and request an information-based (e.g., electronic) profile of the kind of consumer to which its products and services would be suited. Such a profile would typically include the number of consumers within the database that met certain criteria. The merchant could then request that the financial institution deliver information or advertisements of its products or services to individuals which meet certain criteria. The financial institution would then deliver the information or advertisement to individual consumers, thus preventing direct contact between the merchant and the individual. After the consumer has the opportunity to anonymously review such information, the consumer at its own discretion may choose to contact the merchant.

[0018] A portion of the fee charged by the consumer's financial institution for the request and receipt of the consumer information may be used to pay the consumer as an inducement to participate in the transaction. Accordingly, the consumer is investing information for financial and/or non-financial gain. One example of non-financial gain might be the receipt of loyalty credits, as in the case of airline mileage points. Therefore, the consumer is remunerated by the financial institution depending on what the business strategy requires.

[0019] The system of the information bank can thus provide, in specific aspects, three types of accounts: a courtesy account, a service account and a value generation account. Basic information can be stored in the information bank courtesy account and used for automated "form filling" services which are useful to the consumer as an easy means for providing personal information to others when and as authorized. This service may also include a digital signing service, a digital signature verification service, and, for example, notary services.

[0020] The information bank system's service account is appropriate for larger amounts of consumer generated data which grows steadily over time. The service will provide for secure backup and storage, as well as for "ubiquitous" and "nomadic" access. Service accounts may hold transaction logs, account histories, medical records, insurance information, financial records, etc.

[0021] As personal computing devices become more accessible and "connected" through the Internet and other home networks, the requirement for home data storage devices may decrease. Since "standard" consumer software applications such as e-mail and home accounting packages have become readily available across distributed commercial networks, there is now a corresponding need for network based information storage and safekeeping such as is provided in accordance with the invention. One advantage of using networked information storage is that consumers will have access from many locations, and will not have to carry the information with them when they travel, as do people today. The consumer's information can be made securely and privately available, for example, through "set top boxes", i.e., cable system boxes used on television, and having advanced architecture such as RISC based technology, in hotel rooms or on terminals in emergency hospitals upon authorized demand via smart cards or other similar devices.

[0022] The service account will also provide software and data backup/archival services for small office/home office (SOHO) proprietors who prefer not to own standard office software applications, and who wish to know that their business records and data are securely and professionally managed.

[0023] Another feature of the service account is to provide third party access to otherwise confidential information in the event of accident, emergency, or death. For example, an unconscious accident victim can't provide PIN or biometric access to urgently required medical information. Under these or other appropriate circumstances, the service makes stored medical information such as patient allergies, medications, medical history, etc., available to authorized recipients. This feature also allows estate executors to access information that is required to handle estate matters, for example, private keys.

[0024] Storing data in a self describing meta language, such as XML format, facilitates transfer and use of data by third parties. With proper account owner access authorization, the service facilitates access and understanding of stored personal information, which should reduce the dollar and time cost of services provided by third party professional service providers, such as accountants or physicians.

[0025] The service account may also include a cryptographic key escrow and recovery service which provides key escrow and recovery service by storing a key pair and certificate copy after these are generated by a browser, or by generating a key pair and certificate and storing a copy. The service then provides a replacement copy of the key pair and certificate in response to an authorized consumer request.

[0026] The present invention will enable the establishment of a trusted third party service to market demographic and other valuable marketing type information to manufacturers, distributors, and other marketing concerns, while protecting an individual's identity. Fuzzy logic matching is used to match merchant and consumer, on an anonymous basis so that neither knows the identity of the other, and allow consumers to search, shop, and negotiate anonymously, with only items that match their interests being brought to their attention by the service.

[0027] The system information bank may also serve as clearing house and mint for value exchange units created for use as coupons, tickets, tokens and other loyalty schemes. All of the units will go through essentially the same creating, capture, redemption, and automated clearing functions. The information bank can provide services related to the creation and maintenance of loyalty programs. These coupons, tokens, etc. can be stored in the information bank and temporarily distributed to or tracked by, for example, an electronic wallet. For purposes of this disclosure an "electronic wallet" is a virtual container for the various information and financial applications a user might want to be mobile. The information is generic in nature, and the "wallet" can be made to hold a heterogeneous collection of applications that are not necessarily affiliated, or even offered by the issuer of the wallet. The applications can be added "ad hoc" after issuance of the wallet. Although not required, one example of an implementation of the "wallet" is through the use of "smart card" technology of the type well known to those of ordinary skill in the art.

[0028] The system of the information bank also provides the ability for consumers to specify certain important events of which they wish to be reminded or notified. The consumer can also define a notification hierarchy or priority, e.g. cell phone, work number, e-mail, home number, etc. and the tenacity built into the system for notification for each event.

[0029] The "information bank" also includes the ability to provide an anonymous shopping service which allows the shopper to span multiple merchant sites and shopping services. The information bank intermediates the consumer shopping by assigning the consumer a different alias for each site in order to make cross correlation by data scavengers more difficult. Orders to popular merchants are consolidated and paid in a lump sum. Consumers are billed internally by the information bank, so no consumer payment identification information crosses the Internet or is made available to merchants. Consumers may have goods shipped to a drop address from which a third party re-ships the goods to the consumer so that the merchant never knows the identity of the consumer, and the re-shipper does not know shipment contents.

[0030] The service also provides Internet and point of sale identity protection. By substituting the consumer account name with a random number every time the user's information is sent over the network, the information bank keeps track of the aliases it generates and internally routes responses to appropriate parties while preserving anonymity.
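The alias handling described in paragraphs [0029] and [0030], worked through as an added Python example that is not part of the patent text. The class and function names (AliasRouter, shared_identifiers) and the sample account and site names are hypothetical; the page does not specify how aliases are generated or stored.

```python
import secrets


class AliasRouter:
    """Hypothetical bank-side alias table (names are not from the page)."""

    def __init__(self):
        self._site_alias = {}   # (consumer, site) -> stable alias used at that site
        self._pending = {}      # one-time random number -> (consumer, site)

    def site_alias(self, consumer, site):
        """Paragraph [0029]: a different alias for each merchant site."""
        key = (consumer, site)
        if key not in self._site_alias:
            # Random, not derived from the account name, so it cannot be reversed.
            self._site_alias[key] = "shopper-" + secrets.token_hex(8)
        return self._site_alias[key]

    def outbound(self, consumer, site, payload):
        """Paragraph [0030]: replace the account name with a fresh random number."""
        ref = secrets.token_hex(16)
        self._pending[ref] = (consumer, site)
        return {"to": site, "ref": ref, "payload": payload}

    def inbound(self, site, ref, response):
        """Route a response back internally; a ref is single use and site bound."""
        owner = self._pending.get(ref)
        if owner is None or owner[1] != site:
            return None  # unknown, already used, or presented by another site
        del self._pending[ref]
        return {"deliver_to": owner[0], "from": site, "response": response}


def shared_identifiers(seen_by_site):
    """Audit helper: identifiers that more than one site has seen.

    A non-empty result means two sites could cross-correlate a consumer.
    """
    first_seen = {}
    shared = set()
    for site, identifiers in seen_by_site.items():
        for ident in set(identifiers):
            if ident in first_seen and first_seen[ident] != site:
                shared.add(ident)
            first_seen.setdefault(ident, site)
    return shared


if __name__ == "__main__":
    router = AliasRouter()
    consumer = "acct-1001"  # constructed sample account name
    sites = ["books.example", "shoes.example"]
    seen = {}
    for site in sites:
        msg = router.outbound(consumer, site, {"query": "price check"})
        seen[site] = [router.site_alias(consumer, site), msg["ref"]]
        print(site, "sees", seen[site])
        print(router.inbound(site, msg["ref"], "in stock"))
    print("identifiers visible at more than one site:", shared_identifiers(seen))
```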

BRIEF DESCRIPTION OF THE DRAWINGS

[0031] Having briefly described the invention, it will become better understood from the following detailed discussion, viewed with reference to the attached drawings, wherein:

FIG. 1 presents a general overview of an embodiment of the present invention;
FIG. 2 presents a general overview of a use of a first specific data store as implemented in the system;
FIG. 3 presents a general overview of a use of a second specific data store as implemented in the system;
FIG. 4 presents another general overview of a use of a second specific data store as implemented in the system;
FIG. 5 presents a general overview of how a consumer inputs information or data into the second specific data store of FIGS. 3 or 4;
FIGS. 6 and 7 present a general overview of alternative ways of how consumers may access the second specific data store, i.e. the service account, in the system;
FIG. 8 is a detailed overview of the use of a third specific data store as implemented in the system, in combination with the use of the first and second specific data stores;
FIG. 9 is an alternate overview of the use of a third specific data store as implemented in the system;
FIG. 10 is an overview of how certain events trigger notification to consumers using the system;
FIG. 11 shows how the system may be implemented to provide consumer information to merchants on an anonymous basis;
FIG. 12 is a table showing the different types of data in the different accounts of the system;
FIG. 13 is an architectural overview of an electronic wallet to be used in the system; and
FIG. 14 illustrates a wallet and application access scheme.

DETAILED DESCRIPTION 

[0032] The information banking system which includes a distributed network based electronic wallet provides a means for consumers to interface with both the information bank and third-party providers of goods, services or information who are referred to herein as merchants. In Figure 1, the consumer 25 is shown either interfacing with an information bank 23 and various merchants or service providers 27. This can be done by the consumer 25 through a home PC or at a walk-up kiosk type device which utilizes smart card technology. Connection to the information bank 23 can be through conventional transmission lines 29 such as telephone lines, cable, wireless communication, etc. Regardless of the type of user interface chosen, the consumer communicates through the network 29, to the information bank 23 and/or the merchants or service provider 27. The network may be a closed network, accessible only to the consumer 25, the information bank 23 and approved merchants or providers 27, or it may be a network such as the Internet, where all transactions are conducted in a secure manner well known in the art through appropriate encryption. The information bank 23 can be made up of a conventional server with appropriate data storage. Within the data storage, separate files or accounts can be defined as will be readily apparent to those of ordinary skill in the art. Communications between the sender and other users/devices is achieved by conventional means such as a telephone modem, cable modem or other like established and well known systems.

[0033] In Figure 1 there is shown an overview of the types of accounts which will be maintained at the information bank 23 and the types of information retrieval which the consumer 25 can control. The consumer's authorized information will be either requested by or relayed to various merchants or service providers 27 consisting of associations, billers, or financial institutions with whom the consumer 25 wishes to transact business. One type of consumer account is known as a courtesy account 31 and holds certain home or personal information, such as the name, address, phone numbers, e-mail address, birthday, social security number, mother's maiden name, spouse's information and other familial information which is commonly [illegible] to fill out forms or otherwise identify the consumer to those with whom they do business. This type of data is typically known however as "static identification data" as has been described and will become clearer further herein.

[0034] A second type of account is a service account 33 which is maintained for the benefit of the consumer and contains "moderately dynamic personal data" about the consumer 25, as well as software programs which can be accessed by the consumer 25, and which may be accessed or populated by various merchants or service providers 27 as authorized by the consumer 25. For example, banking accounts, insurance information, tax returns, and other consumer data can be stored in the service account. This data is characterized by being a large amount of data which is dynamic and stored over long periods of time. It can be used for functions such as bill presentment/payment relationship management, tax preparation, and other purposes as will become clearer further herein.

[0035] Figure 1 also shows a third type of data known as "dynamic demographic information data" which is kept in a value generation account 25. This file or account 35 is provided as a means for the consumer 25 to define certain demographic data, including a generic consumer profile, interests and hobbies, and the types of information the consumer would like to receive from third parties. This information is stored in the value generation account 35. Upon request by a third party merchant or service provider 27, a profile or aggregate of consumer information may be provided to the third party merchant or service provider by the information bank 23 for a fee. The profile or aggregate of information about participating consumers will not provide information which identifies individual participating consumers, but will rather provide the third party merchant or service provider with sufficient information to determine if it will request that the information bank provide consumers with advertisements of its merchandise or services. Merchants or service providers 27 will likely agree to pay for this aggregate consumer data and for indirect access to the consumers whose information is contained in the data bank because it will enable the merchant or service provider 27 to direct specific offers to a targeted market in an efficient manner.

[0036] Figure 2 illustrates one example of how the courtesy account can be used as a form filling service. In this figure, there is a three-way relationship between the merchant, in this case a doctor 39, the consumer 25 and the information bank 23. First, the merchant, or in this case, a doctor 35 will send a permission request for information to the consumer 25 through a separate connection 37 which can be the Internet, a dedicated line, a phone call, etc. The consumer 25 will then send a permission message, including a verifiable signature, back to the doctor 39. The doctor 39 will then forward an information request through, for example, use of a communication device, including a now verifiable permission, to the information bank 23. The information bank 23 will verify the permission as being valid for this particular consumer 25 before forwarding the consumer's personal information to the doctor's office 39. The information in this scenario is originally entered by the consumer 25 directly into the information bank 23. It is also expected that a merchant or a service provider, such as a doctor, who maintains information about an individual, such as a history of immunizations, could have such information directly transmitted to the information bank when the doctor is authorized to do so by his patient. This would give the patient/consumer the convenience of having the merchant or service provider provide the Information Bank with a medical history or with update information, such as a recent immunization, about the patient/consumer without the inconvenience of the patient/consumer having to manually forward such information to the Information Bank which would then have to take the additional step of entering the data. This would also save the doctor the cost of storing the records.

[0037] Of course, this type of service is not limited to form filling. In a more general sense, the Information Bank allows the consumer to grant conditional, single access or limited access to service providers or merchants such as tax specialists, loan brokers, financial planners, and similar entities, which typically use information provided by a consumer. After retrieving the consumer's information, these entities may generate compilations and/or analysis of the consumer's data and, for example, prepare a tax return, loan application or financial plan for the consumer. The service provider could then either return the prepared document to the consumer or directly file documents such as tax returns if authorized to do so by the consumer. Resulting information might also be incorporated into the consumer's information stored in the Information Bank for future access and/or analysis.
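The Figure 2 exchange of paragraph [0036], combined with the conditional, single and limited access of paragraph [0037], as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 under a key shared by the consumer and the bank stands in for the "verifiable signature" (the page names no scheme), the requester's identity has already been authenticated by the bank, and all class, function and field names are hypothetical.

```python
import hashlib
import hmac
import json
import secrets
import time


def canonical(grant):
    """Serialize a grant deterministically so both sides sign identical bytes."""
    return json.dumps(grant, sort_keys=True, separators=(",", ":")).encode()


def sign_grant(consumer_key, grant):
    """Consumer side. Assumption: HMAC-SHA256 under a consumer/bank shared key
    stands in for the "verifiable signature"; the page names no scheme."""
    return hmac.new(consumer_key, canonical(grant), hashlib.sha256).hexdigest()


def make_grant(consumer, requester, fields, ttl_seconds, single_use=True, now=None):
    """Consumer side: the permission message returned to the requester."""
    issued = int(time.time() if now is None else now)
    return {
        "grant_id": secrets.token_hex(16),   # lets the bank detect replays
        "consumer": consumer,
        "requester": requester,              # grant is bound to one requester
        "fields": sorted(fields),            # limited access: only these fields
        "expires": issued + ttl_seconds,     # conditional access: time window
        "single_use": single_use,
    }


class InformationBank:
    """Hypothetical bank-side store that releases data only against a valid grant."""

    def __init__(self):
        self._records = {}
        self._keys = {}
        self._redeemed = set()

    def enroll(self, consumer, record):
        """Store the consumer's data and return the key the consumer signs with."""
        self._records[consumer] = dict(record)
        self._keys[consumer] = secrets.token_bytes(32)
        return self._keys[consumer]

    def release(self, requester, grant, signature, now=None):
        """Verify the forwarded permission, then return only the granted fields."""
        now = int(time.time() if now is None else now)
        key = self._keys.get(grant.get("consumer"))
        if key is None:
            raise PermissionError("unknown consumer")
        expected = sign_grant(key, grant)
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            raise PermissionError("bad signature")
        # Every field checked below is covered by the signature the consumer made.
        if grant["requester"] != requester:
            raise PermissionError("grant issued to a different requester")
        if now > grant["expires"]:
            raise PermissionError("grant expired")
        if grant["single_use"]:
            if grant["grant_id"] in self._redeemed:
                raise PermissionError("grant already used")
            self._redeemed.add(grant["grant_id"])
        record = self._records[grant["consumer"]]
        return {name: record[name] for name in grant["fields"] if name in record}


if __name__ == "__main__":
    bank = InformationBank()
    # Constructed sample record; none of these values come from the page.
    key = bank.enroll("consumer-25", {
        "name": "A. Sample", "address": "1 Example St",
        "ssn": "000-00-0000", "allergies": "penicillin",
    })
    grant = make_grant("consumer-25", "doctor-office", ["name", "allergies"], 300)
    sig = sign_grant(key, grant)
    print(bank.release("doctor-office", grant, sig))   # granted fields only
    for label, args in [
        ("replay", ("doctor-office", grant, sig)),
        ("widened", ("doctor-office", dict(grant, fields=["name", "ssn"]), sig)),
    ]:
        try:
            bank.release(*args)
        except PermissionError as err:
            print(label, "->", err)
```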

[0038] Figure 3 depicts the use of the information bank service account 33 to provide a signing service. Such a service may be provided where a consumer 25 requests such a service and provides the service institution with adequate authorization, such as a power of attorney, to provide signatures for the consumer. As shown in this diagram, the consumer 25 forwards an unsigned document to the information bank 33 where cryptographic software 39 which is conventional in nature and well known to those of ordinary skill will be used to authenticate the consumer 25 and generate a signed document for return to the consumer 25. Also, it is expected that the consumer may authorize the information bank to sign certain documents for the consumer which have been transmitted to the bank by third parties. In such a case, the consumer would review the document and instruct the information bank to sign the document. The information bank could then return the document to the consumer or to the third party if requested by the consumer.

[0039] Electronic commerce requires certain trust components be
implemented for signing services. More specifically, current digital
signing procedures require parties in electronic transactions to provide
critical trust components such as encryption and non-repudiation
services. The current public key infrastructure (PKI) which is promoted
by various vendors involves certificate authorities (CAs). For the power
of attorney signature service described above, the information bank
would provide the required key and certificate authority without
requiring access to any private verification information or key
possessed by a consumer, but would instead provide all authentication
services through the information bank service. The information bank
would in turn require adequate authentication from the individual
consumer for execution of the signing service.
[0040] By implementing a digital signing service with appropriate
software 39, the information bank 23 can be used to remedy or eliminate
many of the issues related to registration, certificate issuance,
certificate verification and certificate revocation lists (CRLs). This
also reduces the size of the data transfer required for a verified
transaction, because a standard certificate includes the certificate
holder's identity, the certificate serial number, a certificate holder's
expiration dates, a copy of the certificate holder's public key, the
identity of the CA, and the CA's digital signature which is used to
confirm that the digital certificate was issued by a valid agency.
[0041] The present invention also provides for digital signature
verification and notary services. This is illustrated in Figure 4.
Current PKI solutions require several components in order to verify the
integrity of a digital signature. Besides the document and the signature
itself, all certificates in the chain to a trusted root and access to
the CRLs for each CA must be available. These components are then fed
into a software program that verifies first, that no certificate was on
a CRL at the time of signature; second, that the integrity of each
certificate in the chain, based on the public key of the next higher
certificate in the chain, is unquestioned; and third, the integrity of
the original document. A consumer 25 wishing to perform this process
needs access to this software, but they must also trust the software
that's performing these checks. That is, if the software provides a
valid or invalid signature result, but the software is not adequately
safeguarded on the consumer's machine, then any result provided by this
software is suspect.

[0042] The signature verification function offered by the present
invention provides a simplified and trusted method for verifying the
integrity of additional signatures. A consumer 25 is not required to
understand the intricacies of CRLs and is not forced to load
cryptographic software onto his access device. Instead, the consumer 25
just forwards the signature and request to the information bank 23,
which performs the appropriate checks. In this case, the cryptographic
software 39 is already loaded into the information bank 23, but the CRL
and root certificate are provided through line 41 to the information
bank 23 to perform the verification for the consumer 25. An alternate
function, somewhat related to signature verification, is an actual
signing function. In providing a signing function, the information bank
23 accepts an unsigned document and signs it on behalf of the consumer
25. Another benefit of offloading the signing and verification process
to the information bank 23 is that it reduces the overhead on the
consumer 25 device. It takes quite some time to generate a 1024-bit key
pair using a browser on a current Pentium processor. The information
bank 23, however, will be running this software on a state-of-the-art
machine as previously discussed, which is capable of quickly performing
this function. Furthermore, the information bank 23 will operate in a
secured environment which will eliminate any questions related to
software integrity, and will provide access to all required CRLs and
root certificates from the appropriate X.500 directory structures
through connections 41, many of which are likely to be stored in local
cache memory. The information bank 23 also functions as a secured backup
and storage facility service.

[0043] As more and more consumers begin to use electronic commerce and
related electronic bill paying services, consumers will need to maintain
important home records related to these transactions on their own PCs.
The consumer may soon have access to and require safe storage for
electronic copies of insurance policies and other legal documents. Many
consumers already create large amounts of data with personal financial
software, such as those commercially available under the names Quicken
or Turbo Tax. The secured backup and storage service provided by the
information bank 33 provides the consumer 25 with the capability to
safely and securely store important documents on servers which are
professionally managed and reside on information bank 23 hardware.
Storage remote from the consumers' PC provides a disaster recovery plan
and mitigates any problems associated with hard disc crashes, fire or
theft.

[0044] Figure 5 provides an overview diagram of the types of personal
financial information which will be resident on or managed by the
information bank's secured backup and storage devices. Personal
financial information, such as banking, bill presentment, stocks, mutual
funds, 401K accounts or IRAs, all collectively identified with the
number 43, can be transferred to the information bank through
connections 29 under the consumer's control. Legal documents such as
insurance policies, wills, deeds, contracts and other electronic
commerce documents can also be forwarded to the information bank 23 for
secure archival. Electronic artifacts, such as point of sale receipts,
tickets, tokens and other forms of loyalty credits can be made by the
consumer 25 and tracked in the information bank 23 in a secured manner.
Important medical records will increasingly be created and stored
electronically by medical service providers, and such records of
consumers' allergies, medications, past x-rays, diagnoses and doctor's
notes can be stored by the consumer 25 and securely and confidentially
saved at the information bank 23 in the service account 33 for release
only as approved by the consumer 25. In the preferred embodiment the
consumer 25 would instruct the third party merchant to forward this
information directly to the information bank 23 and it would then be
stored therein for the consumer. In an alternate embodiment, these
financial and personal documents would be moved from the third party
merchant to the consumer 25 and then forwarded by the consumer to the
information bank 33.
[0045] Another office related service is the virtual office provided by
the information bank 23. This service complements the storage and secure
backup by, for example, providing software for students, or for use at
small offices or home offices. Suites of office software, including word
processing or spreadsheet programs, could be provided for the cost
conscious individual who has Internet access but does not necessarily
have the resources to pay for, or the desire to continually update and
manage, a home office software library. This can be provided by the
service account 33 and implemented in a conventional manner well known
to those of ordinary skill in the art. Subscribers to this service would
be able to execute the software when needed and would never have to
worry about upgrades or system compatibility, which would be managed by
the information bank 33 which transmits the software to the consumer 25
for use by the consumer 25 on the consumer's device, e.g., home
computer.

[0046] The information bank 23 can be used to coordinate the consumer 25
information stored in the information bank 23 with third party service
providers in order to more conveniently allow the consumer 25 to use the
third party services. For example, the information bank 23 may be used
to provide software which will facilitate the downloading of certain
consumer information to printing services or, in case of emergency, to
medical providers. The information bank 23 may also be programmed to
release this information to, for example, executors of the consumer's
estate if previously authorized to do so by the consumer 25. By being
able to share information generated by various service providers, the
consumer 25 will find that many previously burdensome tasks are now
easily accomplished. In the preferred embodiment, this data will be
stored in a self-describing format, such as the XML protocol, for easy
transfer to and use by various third parties.
[0047] Both Netscape and Microsoft Corporations market web browsers
which currently provide support for generating key pairs. However, if a
user is so unfortunate as to suffer a disc crash or has failed to update
the browser software, it is possible that a user could lose the keys
forever. Once this happens there is no way to retrieve the information
previously encrypted with the keys. The information bank 23 may offer a
key escrow and recovery function as further depicted in Figure 6 to
protect the consumer 25 against catastrophic key losses. In Figure 6 the
consumer 25 uses software, such as a browser, which can generate a key
pair generation request and forward it to the information bank 23. The
information bank 23 then generates a key pair and certificate, saves the
key pair and certificate, and forwards them to the consumer 25 for use.
A second option is shown in Figure 7 in which the consumer 25, using
browser software, generates the key pair and certificate and then
forwards the key pair and certificate to the information bank 23 for
archival. If the consumer 25 ever loses a key pair, the consumer 25 can
request and receive a replacement copy from the information bank 23. To
accomplish all of this, of course, cryptographic software 39 is
required, the details of which will be readily apparent to those of
ordinary skill in the art.
[0048] The information bank 23 is configured to generally facilitate
electronic transactions and make the consumer's life easier and more
convenient. The value generation account 35, to be discussed in greater
detail hereafter, can be used to provide assisted product, service, or
information searches which not only make consumers' lives more
convenient but also provide consumers with some value in return for
using the service. This value may be in the form of monetary
compensation or it may be in the form of loyalty credits with preferred
merchants selected by the consumer 25. This is an optional service and
is completely controlled by the consumer 25. The consumer 25 can make
their hobbies, personal interest and demographic information available,
while keeping their identity private. A consumer profile is compiled by
the information bank 23 from both explicit and implicit information. The
consumer 25 is given full control and can specify constraints on
information and specifically exclude certain information from product,
service, or information search categories. Merchant offers which satisfy
the consumer criteria are forwarded by the information bank 23 to the
consumer 25. In this system, the merchant will not know the identity or
address information of the consumer 25, nor will the consumer 25 know
the identity of the merchant. The information provided must be presented
with a summary demonstrating how it satisfies the original interest of
the consumer 25 and may include short promotional information. The
consumer 25 has the opportunity to request more information or request a
purchase. Up to this point the advertising provided from the merchant to
the consumer 25 has been free to the merchant. This allows the merchant
to get real time demand statistics and other valuable aggregate
indicators of the quality of their offer free of charge. However, in
order to complete the final transaction, a fee is required for the
merchant to continue. In this way, these advertising dollars are spent
by the merchant knowing they are highly correlated to a targeted sales
market.
[0049] Figure 8 illustrates such a process where the consumer
information from the consumer 25 device is entered into the information
bank value generation account (previously numeral 35 in FIG. 1) in the
form of a profile. In this case, the information bank 23 is shown as
consisting of an information bank portion 123 consisting of the courtesy
account and service account previously discussed. The information bank
23 will also include the value generation account module, i.e., number
125 herein, an independent consumer advice module 127, a transaction
module 129 providing matching, brokering, consolidation and accounting
functions, and a merchant gateway module 131 which connects to the
merchant 133. In this embodiment the value generation account module 125
takes input from the courtesy and service accounts 123 in the form of
explicit and implicit (mined) data. The consumer 25 profile is updated
from this data and is provided to a module 129 having a matching
function running in the information bank 23. The matching function also
is connected to receive offers from a merchant gateway module 131 which
is connected to the merchant 133. Merchant offers which sufficiently
match the consumer 25 profiles will be forwarded by the information bank
23 to the consumer by the module 129 for review. When a consumer 25
indicates interest in a particular offer, they will issue a request or a
buy request back to an information bank consolidator function in module
129, which will then forward this to the merchant 133, either
individually or in bulk with other consumer offers. The merchant 133
will then pay a fee for the brokerage service and portions of this will
be split by the information bank 23 and allocated to particular consumer
accounts as appropriate. This function also includes an independent
consumer advisor module 127 which includes data available to the
consumer 25 for reference, and provides background information about
various merchant offers.

[0050] The fees paid by a merchant for access to the consumer
information could also be structured such that the fee would increase
based upon the type of usage by the merchant. For example, a certain fee
could be assessed for access to view a customer information summary. The
fee would then be increased if the merchant chose to request that
information be provided to individual consumers. A further fee increase
might be levied if a consumer chose to respond or purchase a merchant's
product after being solicited through the information bank. Other tiers
of services and fees are also contemplated.

[0051] The information bank 23 may also be programmed to provide, for
example, a coupon, ticket, token and loyalty management program in which
the information bank 23 serves as a mint and clearinghouse for units
created for use as coupons, tokens, tickets and other loyalty schemes.
Although exhibiting a wide variety of outward appearances, the internals
of the minting, capture, redemption and automatic clearing functions
would work essentially the same. This function is valuable to the
consumer 25 because of added functionality in an electronic wallet (to
be described hereafter) to keep track of various coupons, tokens and
tickets acquired by the consumer.

[0052] A coupon and loyalty management program is depicted in Figure 9
as including several components of the information bank 23. These
components include a clearinghouse module 139, a retailer gateway module
137, a service account module 123, credit exchange module 135, a
manufacturer gateway module 141, and interfaces to merchants who can be
either retailers 147, manufacturers 145 or service providers, such as an
opera house 149 or ticket issuer 143.
[0053] As further shown in Figure 9, the information bank manufacturer
gateway module 144 can be programmed to mint a coupon and issue this via
the manufacturer 145 electronically to the consumer 25 who will then
store the coupon in the information bank service account 33 or in an
electronic wallet therein. Coupons may be issued by manufacturers,
distributors and/or retailers, and tickets may be issued, for example,
by various entertainment and/or educational concerns. Tokens are issued
by a wide variety of concerns ranging from transportation authorities to
entertainment establishments. Almost any retailer or business could
create a loyalty program using tokens. The consumer 25 in receipt of a
coupon, ticket or token would store these in a service account or smart
card electronic wallet. When the consumer wished to redeem these
coupons, they would forward them to the information bank retailer
gateway module 137 which presents the coupons to the information bank
clearinghouse module 139 for settlement. The information bank
manufacturer gateway module 141 then would issue an appropriate credit
back through the information bank clearinghouse module 139 to the
appropriate retailer 147 in exchange for the redeemed coupon. All of
these functions can be implemented routinely by those of ordinary skill
in the art using existing hardware and software tools and devices once
the broad functionality described in detail herein is known.

[0054] As shown in FIG. 10 the information bank can also provide an
important event notification and response function. Such a function
serves to allow the consumer 25 to specify certain events that are
important to the consumer 25. Such events could be birthdays, stock
price movements, loan availability, extraordinary bill charges, personal
information requests, etc. The consumer 25 can establish a hierarchy for
the information bank 23 to locate the consumer 25, such as trying the
consumer cellular phone first, then a work number, then e-mail, then a
home number. When an event occurs that matches a trigger, an event
notification is generated by a monitor program 151. The priority of the
event would determine the degree of tenacity the service asserts in
order to notify and obtain notice of verification from the consumer 25.
This process is shown in Figure 10, where the consumer 25 sets specific
event triggers and stores these in the information bank service account
33. The information bank then constantly monitors the event
notifications with the monitor program 151, and when there is a match
for a trigger event, the information bank 23 provides notice back to the
consumer 25, based on the notification hierarchy previously defined by
the consumer.
[0055] The information bank also provides an anonymous shopping service.
This service, as shown in Figure 11, allows several components of the
information bank (such as the service account 33, an anonymizer module
153 which assigns an alias to all consumer transactions, an order
payment consolidator module 155, a junk e-mail investigator module 157
and a reshipper module 159) to work together to provide an intermediate
shopping service which allows the consumer to browse certain merchant
displays over the Internet without revealing their identity. The modules
and functions described are conventional and well known, for example,
from such services already available from certain web service providers.
However, to date, no one has integrated the noted functions and modules
into a coherent functioning system as provided by the present invention.

[0056] The anonymous shopping feature is similar to the assisted
product, service, and information search, but this feature assumes that
the discovery and comparison work has already been done, either through
merchant offers forwarded to the consumer, or by the consumer's
independent investigation.
[0057] This feature is more like a "shopping cart" on a website or
service provider site on the Internet, where the shopper can span
multiple merchant sites and shopping sessions and create a consolidated
order. The information bank 23 serves as an intermediary for the
consumer 25. The identity of the consumer 25 is replaced by an alias
that is remembered by the function for subsequent reference. A different
alias can be used for each merchant site, making it difficult for data
scavengers to cross-correlate consumer purchases based on the alias.
Junk e-mail originating from unknown sites can be traced to the site
selling the address information via the alias.
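
The per-merchant alias and junk e-mail tracing described above, as an added sketch that is not part of the patent text. The class name, the HMAC-based alias derivation, the `infobank.example` domain and the sample site names are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class Anonymizer:
    """Hypothetical stand-in for the anonymizer and junk e-mail investigator."""

    def __init__(self, secret=None, domain="infobank.example"):
        # Secret known only to the information bank; without it an alias
        # cannot be recomputed or linked to another merchant's alias.
        self._secret = secret or secrets.token_bytes(32)
        self._domain = domain
        self._issued = {}  # alias -> (consumer_id, merchant_site)

    def alias_for(self, consumer_id, merchant_site):
        """Return the stable alias for this consumer at this merchant site."""
        cid = consumer_id.encode()
        site = merchant_site.lower().encode()
        # Length-prefix the first field so ("ab", "c") and ("a", "bc") differ.
        message = len(cid).to_bytes(2, "big") + cid + site
        digest = hmac.new(self._secret, message, hashlib.sha256).hexdigest()
        alias = "c" + digest[:20]
        # "Remembered by the function for subsequent reference".
        self._issued[alias] = (consumer_id, merchant_site.lower())
        return alias

    def address_for(self, consumer_id, merchant_site):
        """E-mail address the merchant sees instead of the consumer's own."""
        return f"{self.alias_for(consumer_id, merchant_site)}@{self._domain}"

    def resolve(self, alias):
        """Internal lookup used for billing and reshipping; never exposed."""
        return self._issued.get(alias)

    def investigate(self, recipient_address, sender_site):
        """Trace unsolicited mail back to the merchant the alias was given to."""
        local, _, domain = recipient_address.partition("@")
        entry = self._issued.get(local) if domain == self._domain else None
        if entry is None:
            return {"known_alias": False, "issued_to": None, "leaked": False}
        issued_to = entry[1]
        return {
            "known_alias": True,
            "issued_to": issued_to,
            # Mail from any other site means the address left the merchant.
            "leaked": sender_site.lower() != issued_to,
        }


if __name__ == "__main__":
    # Constructed sample data: one consumer shopping at two sites.
    anon = Anonymizer()
    books = anon.address_for("consumer25", "books.example")
    shoes = anon.address_for("consumer25", "shoes.example")
    print(books, shoes, sep="\n")
    print(anon.investigate(books, "junkmail.example"))
```

Because each alias is bound to a single merchant site, two merchants comparing customer lists find no common identifier, while the information bank can still name the site an address was issued to.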

[0058] This function consolidates orders to popular merchants and pays
these merchants directly in a lump sum, together with a summary of
orders and corresponding ship-to addresses. The consumer 25 is billed
internally so that their credit card and other identification
information is never exchanged over the Internet.
[0059] For an additional shipping fee, the consumer has the option of
having goods shipped initially to a drop box or reshipper address where
a third party will take the goods and reship them to the consumer 25 at
his/her stored address. In this manner the merchants never know the
address or identity of the consumer 25. The packages are handled
anonymously and a reshipping service does not know package contents.
[0060] With respect to the types of data stored by the information bank
23, as previously discussed, in particular with the first data store
which is stored on the data storage means, which includes static
identification data, the second data store stored on the data storage
and which includes moderately dynamic personal data, and the third data
store which includes dynamic demographic information data, this is more
clearly illustrated in FIG. 12. The courtesy account as shown in FIG. 12
includes the static identification data which is personal to a user
having access to the information bank 23. The second data store
corresponds to the dynamic personal data in the service account, and
includes data about the user such as billing history, payment history,
etc. The third data is the demographic data and will be stored in the
interest bearing account to generate remuneration for the consumer in
exchange for allowing use of that data. All of the types of data
described have been previously discussed and are further expanded and
illustrated in the table shown in FIG. 12.
[0061] Turning now to the use of an "electronic wallet" as previously
described for use in connection with the system 21 of the invention,
such a typical wallet 171 is shown in FIG. 13 which shows a typical
architecture for such a wallet 171. The concept of an electronic wallet
means many things to many people. One version would be a pocket sized
computer with a snap shot-size color screen that will be used in place
of many essentials that consumers carry around with them today such as
money, keys, identification, credit cards, tickets, as well as items
that provide the consumer with mobile information and communications
such as a watch, newspapers, calculator, portable telephone, pager, etc.
In this embodiment, the wallet 171 is a physical thing that is carried
in the pocket. Because of its electronic nature, it can add
functionality that the conventional wallet cannot perform. However,
consumer concerns about this type of device make it impractical.
Although it is technically possible to back up the contents of the
electronic device, the reality is that consumers would probably be at
least as irresponsible with such a device as they are currently with
their own data. Further, to the extent that such a wallet interfaces
with providers of the wallet or others, there is a security concern in
that information about the consumer could be used by others to make a
profit and not let the consumer know about it. Thus, extension of the
physical wallet, especially those offered by third party software or
hardware vendors, makes rapid adoption unlikely.






EP 0 917 119 A2 






[0062] At the other end of the spectrum is the totally virtual wallet.
It is not a physical device, but a set of applications on a server
somewhere. The major disadvantage of this approach is that all
transactions have to be "on-line" or connected to a server. This could
result in more expensive and/or less convenient use. Another issue is
security.

[0063] A hybrid approach, and that preferred in accordance with the
system 21 of the invention, is to put some data and applications on a
physical device and some on a server. A smart card is ideally suited for
this type of application since it makes the most sense to put the
security and access functions on the card, and to put the volume of data
and applications on the server such as the information bank 23. Further,
those transactions that would be too expensive to have on-line, such as
small amounts of electronic cash transactions, also make sense to have
on such a smart card. Thus, as shown in FIG. 13, the electronic wallet
171 in one embodiment is made up of an e-cash applications container
173, an electronic cash application manager 175, a user authentication
module 177, a key to application manager 181, a key ring applications
container 183, an external applications interoperability API
(applications program interface) 179, and a user application organizer
and manager 185.

[0064] The e-cash applications container 173, as the name implies, is
storage for e-cash applications. In order to gain critical mass, more
than one type of e-cash is supported. The storage in container 173 is
sufficiently generic to only record each of its members as being some
form of e-cash, and the actual "object" in the container 173 is a
"connector" to the real e-cash application. The programming provides
that the e-cash application can be located and started. The e-cash
manager 175 is software that provides how to add e-cash applications and
use them in a generic manner. The user authentication module 177 can be
replaceable to allow for growth in the security and authentication
technologies. Prior to implementation of smart cards, it could be
software that asks for an account number and personal identification
number, but with current technology, it can be implemented using the
card and a server, using authentication technology implemented today.
For future purposes, alternative security and authentication
technologies might use biometrics, etc.
[0065] The key to application manager 181 serves to manage non-cash
applications in the wallet such as credit, debit, e-checks,
identification, facilities access and other applications. This is the
software that maintains the contents of the key ring application
container 183. The key-ring container 183 holds the connectors to server
applications. The contents are managed and maintained by the key to
application manager 181 previously described. Even as smart cards become
more commonly available, it is believed that they will not be
sufficiently large to actually hold the applications. Instead, they will
hold "connectors" to the applications that reside on a server. The most
important aspect of a "connector" is a key or certificate that helps
identify an authorized user of the application. The "key ring" then is a
container of keys. They are not like the "real" keys, however, as
further illustrated by FIG. 14 hereof.
[0066] More specifically, FIG. 14 illustrates a wallet and application
access scheme 201. In this figure, the concept of an access device
provider, wallet issuer and application provider have all been
separated. As illustrated in FIG. 14, the consumer 25 can use an access
device 203 to access their information 205. The access device 203 has
been provided at point of sale, or point of contact, by some party. The
wallet then uses the access device 203 and the access device server 207
connection to the network to contact the wallet issuer server 209. The
consumer 25 then identifies the appropriate application by their own
description. The description is associated to an application key proxy
211 that is sent to the application provider server 213.
[0067] In the scheme 201 described, the consumer 25 can access their
information via a device 203 provided at point of sale, or point of
contact, by some party. Since this party will want some presence other
than the device 203, some "real estate" is set aside in the presentation
interface for their content. The wallet 171 uses the device 203 and the
device's server 207 connection to the network 201 to contact the wallet
issuer server 209. The consumer 25, as noted previously, identifies the
appropriate application by their own description. The description is
associated to an application key proxy 211 that is sent to an issuer
server 209. The issuer server 209 authenticates the user 25 and then
looks up the location of the application and its real and actual key to
be used for access to it. It then connects the consumer 25 to the
application at the application server 213 and serves as a secure
conduit.
[0068] As may be appreciated, proxies are used instead of actual keys in
case the card is lost or stolen. In this manner, the coordination with
many unaffiliated organizations to issue new keys is eliminated. The
issuer simply issues a new card with new proxies on the card.
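
The proxy lookup and card reissue described in the last three paragraphs, as an added sketch that is not code from the patent. The class and method names, the PIN-based user authentication and the sample account data are assumptions chosen for illustration.

```python
import hashlib
import hmac
import secrets


class ApplicationProvider:
    """Stand-in for an application provider server; it knows only its real key."""

    def __init__(self, name):
        self.name = name
        self.real_key = secrets.token_bytes(32)

    def open_session(self, presented_key):
        return hmac.compare_digest(presented_key, self.real_key)


class WalletIssuer:
    """Stand-in for the wallet issuer server: maps card proxies to real keys."""

    def __init__(self):
        self._users = {}    # user -> (salt, PIN hash); PIN auth is an assumption
        self._apps = {}     # (user, description) -> (provider, real key)
        self._proxies = {}  # proxy -> (user, description)

    @staticmethod
    def _hash_pin(pin, salt):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, user, pin):
        salt = secrets.token_bytes(16)
        self._users[user] = (salt, self._hash_pin(pin, salt))

    def register_application(self, user, description, provider, real_key):
        # The real key is held by the issuer and never written to the card.
        self._apps[(user, description)] = (provider, real_key)

    def issue_card(self, user):
        """Return a new card (description -> proxy) and revoke the old proxies."""
        self._proxies = {p: v for p, v in self._proxies.items() if v[0] != user}
        card = {}
        for owner, description in self._apps:
            if owner == user:
                proxy = secrets.token_hex(16)
                self._proxies[proxy] = (user, description)
                card[description] = proxy
        return card

    def access(self, user, pin, proxy):
        """Authenticate the user, resolve the proxy, then present the real key."""
        record = self._users.get(user)
        if record is None:
            return False
        salt, stored = record
        if not hmac.compare_digest(self._hash_pin(pin, salt), stored):
            return False
        entry = self._proxies.get(proxy)
        if entry is None or entry[0] != user:
            return False  # unknown, revoked, or another user's proxy
        provider, real_key = self._apps[entry]
        return provider.open_session(real_key)


def demo():
    """Constructed scenario: a card is lost and reissued with new proxies."""
    bank = ApplicationProvider("constructed-bank-app")
    issuer = WalletIssuer()
    issuer.enroll("consumer25", "4921")
    issuer.register_application("consumer25", "my checking account",
                                bank, bank.real_key)
    old_card = issuer.issue_card("consumer25")
    old_proxy = old_card["my checking account"]
    worked_before = issuer.access("consumer25", "4921", old_proxy)
    key_before = bank.real_key

    new_card = issuer.issue_card("consumer25")  # old card reported lost
    new_proxy = new_card["my checking account"]
    return {
        "old_card_worked_before_loss": worked_before,
        "old_card_works_after_reissue": issuer.access("consumer25", "4921", old_proxy),
        "new_card_works": issuer.access("consumer25", "4921", new_proxy),
        "wrong_pin_rejected": not issuer.access("consumer25", "0000", new_proxy),
        "provider_key_unchanged": bank.real_key == key_before,
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

Reissuing the card touches only the issuer's proxy table, so the application provider keeps the same real key and never learns that a card was lost.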

[0069] Such a system, as will be readily apparent, can be easily
implemented in the system of Figures 1-12 to provide enhanced
functionality and flexibility.
[0070] Although the invention has been described with reference to these
preferred embodiments and features, other similar embodiments and
features can achieve the same results. Variations and modifications of
the present invention will be apparent to one skilled in the art and the
present disclosure is intended to cover all such modifications and
equivalents.

Claims 

1. A system for selective organization, access to and use of personal
data, comprising:

a server, having data storage means for storing personal data in three
separate and distinct data stores;

a first data store stored on said data storage means comprising static
identification data which is personal to a user having access means for
connecting to the server accessing and using;

a second data store stored on said data storage means comprising
moderately dynamic personal data about the user; and

a third data store stored on said data storage means comprising dynamic
demographic information data about the user.

2. A system according to claim 1 further comprising access means for
connecting to said server to access said first, second and third data
stores.

3. A system according to claim 2 wherein said access means comprises a
computer terminal connectable to said server via a network.

4. A system according to claim 2 wherein said access means comprises an
electronic wallet having said first data store duplicatively stored
therein, portions of said second data store and portions of said third
data store stored therein.

5. A system according to claim 1 further comprising authorizing means
for allowing selected users access to and use of dynamic personal
information data in said third data store.

6. A system according to claim 5 further comprising matching means for
matching selective dynamic personal information data in said third data
store which is specific to a consumer with selected information provided
by said selected users.

7. A system according to claim 1 further comprising means for
authenticating and signing documents for a user from data obtained from
said second data store in communication with a user.

8. A system according to claim 1 further comprising means for matching a
user profile obtained from said third data store, with a merchant
profile, upon user request, for transmitting information about the
merchant's products to the user.

9. A system according to claim 1 wherein said data in said third data
store is stored in a configuration ensuring user anonymity.

10. A system according to claim 1 wherein said second data store
includes credited value data for use by a user in commercial
transaction.



11. A method of selectively organizing, accessing and
using personal data comprising:

storing a first data store made up of data
comprising static identification data which is
personal to a user having access to the first data
store;

storing a second data store made up of data
comprising moderately dynamic personal data
about the user having access to the second
data store; and

storing a second data store made up of data
comprising dynamic demographic information
data about the user having access to the third
data store.

12. A method as in claim 1 further comprising providing
access by a user to said first data store for using the
data therein for filling out forms.

13. A method as in claim 1 further comprising duplicating
the data in the first data store, and portions of
the data in the second and third data stores, on an
electronic wallet.

14. A method as in claim 1 further comprising making
data about selected users in the third data store
available on an anonymous basis to merchants to
allow merchants to provide information to the users
about merchant products or services that match the
data provided.

15. A method as in claim 1 further comprising
downloading purchasing credits from said second data
store into an electronic wallet to allow a user to
engage in commercial transactions with such
credits.

16. A method as in claim 1 further comprising monitoring
certain groups of data in said second data store
for the occurrence of certain events, and notifying a
user corresponding to said data of the event.

17. A method as in claim 16 further comprising accessing
outside data sources to update data in said second
and third data stores on a periodic basis.

18. A method as in claim 1 further comprising authorization
by a user to allow selected third parties to
access data in said second data store.

19. A method as in claim 18 wherein said third parties
are doctors.

20. A method as in claim 18 wherein said third parties
are financial service providers.

21. A method as in claim 18 wherein said third parties
are one of the group consisting of telephone service
vendors, power service vendors, and cable television
vendors, insurance vendors, and credit card
providers.